A long time
ago, I switched my GnuPG setup to a smartcard based one. I kept
using the same master key, but:

copied the rsa4096 master key to a “master” smartcard, for
when I need to sign (certify) other keys;

created rsa2048 subkeys (for signature, encryption and
authentication) and moved them to an OpenPGP smartcard for daily
usage.

I've been working with that setup for a few years now and it is
working perfectly fine. The signature counter on the OpenPGP basic
card is a bit north of 5000 which is large but not that huge, all
considered (and not counting authentication and decryption key
usage).

One very nice feature of using a smartcard is that my laptop (or
other machines I work on) never manipulates the private key
directly but only sends request to the card, which is a really huge
improvement, in my opinion. But it's also not the perfect solution
for me: the OpenPGP
card uses a proprietary platform from ZeitControl, named BasicCard. We have very few information
on the smartcard, besides the fact that Werner Koch trust
ZeistControl to not mess up. One caveat for me is that the card
does not use a certified secure microcontroler like you would find
in smartcard chips found in debit card or electronic IDs. That
means it's not really been audited by a competent hardware lab, and
thus can't be considered secure against physical attacks. The
cardOS software and the application implementing the OpenPGP
specification are not public either and have not been audited
either, to the best of my knowledge.

At one point I was interested in the Yubikey
Neo, especially since the architecture Yubico used was common:
a (supposedly) certified platform (secure microcontroler, card OS)
and a GlobalPlatform / JavaCard virtual machine. The applet used in
the Yubikey Neo is open-source, too, so
you could take a look at it and identify any issue.

Unfortunately, Yubico transitioned
to a less common and more proprietary infrastructure for Yubikey
4: it's not longer Javacard based, and they don't provide the
applet source anymore. This was not really seen as a good move by a
lot of people, including Konstantin
Ryabitsev (kernel.org administrator). Also, it wasn't
possible even for the Yubico Neo to actually build the applet
yourself and inject it on the card: when the Yubikey leaves the
facility, the applet is already installed and the smartcard is
locked (for obvious security reason). I've tried asking about
getting naked/empty Yubikey with developers keys to load the applet
myself, but it' was apparently not possible or would have required
signing an NDA with NXP (the chip maker), which is not really
possible as an individual (not that I really want to anyway).

In the meantime, a coworker actually wrote an OpenPGP javacard
applet, with the intention to support latest version of the
OpenPGP specification, and especially elliptic curve
cryptography. The applet is called SmartPGP and has been released on ANSSI github
repository. I investigated a bit, and found a
smartcard with correct
specification: certified (in
France or Germany), and supporting Javacard 3.0.4 (required for
ECC). The card can do RSA2048 (unfortunately not RSA4096) and EC
with NIST (secp256r1, secp384r1, secp521r1) and Brainpool (P256,
P384, P512) curves.

I've ordered some cards, and when they arrived started playing.
I've built the SmartPGP applet and pushed it to a smartcard, then
generated some keys and tried with GnuPG. I'm right now in the
process of migrating to a new smartcard based on that setup, which
seems to work just fine after few days.

Part two of this serie will describe how to build the applet and
inject it in the smartcard. The process is already documented here
and there, but there are few things not to forget, like how to lock
the card after provisionning, so I guess having the complete
process somewhere might be useful in case some people want to
reproduce it.